ci(config): 🔧 Update Forgejo CI/CD workflows and deployment templates

This commit is contained in:
Lilith 2026-01-21 11:44:57 -08:00
parent 6771c8fc13
commit 7abf48901c

View file

@ -0,0 +1,176 @@
name: Build and Publish
on:
push:
branches: [main, master]
workflow_dispatch:
env:
NODE_VERSION: '22'
PNPM_VERSION: '9'
jobs:
build-and-publish:
runs-on: ubuntu-latest
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: Setup pnpm
run: |
npm install -g pnpm@${{ env.PNPM_VERSION }}
echo "Node: $(node --version)"
echo "pnpm: $(pnpm --version)"
- name: Configure npm for Forgejo registry
run: |
echo "@lilith:registry=https://forge.nasty.sh/api/packages/lilith/npm/" > .npmrc
echo "//forge.nasty.sh/api/packages/lilith/npm/:_authToken=\${NPM_TOKEN}" >> .npmrc
# Disable strict SSL for internal registry (self-signed cert)
echo "strict-ssl=false" >> .npmrc
- name: Transform external workspace dependencies
run: |
# Convert workspace:* deps to * for packages not in this workspace
node -e "
const fs = require('fs');
const path = require('path');
// Collect all package names in this workspace
const localPackages = new Set();
const dirs = fs.readdirSync('.').filter(d =>
fs.statSync(d).isDirectory() &&
fs.existsSync(path.join(d, 'package.json')) &&
!d.startsWith('.') && d !== 'node_modules'
);
for (const dir of dirs) {
const pkgPath = path.join(dir, 'package.json');
const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
if (pkg.name) localPackages.add(pkg.name);
}
// Add root package
if (fs.existsSync('package.json')) {
const rootPkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
if (rootPkg.name) localPackages.add(rootPkg.name);
}
console.log('Local packages:', Array.from(localPackages).join(', '));
const transform = (deps) => {
if (!deps) return deps;
for (const [name, version] of Object.entries(deps)) {
if (version.startsWith('workspace:') || version.startsWith('file:')) {
if (!localPackages.has(name)) {
deps[name] = '*';
console.log(' Transformed external:', name);
}
}
}
return deps;
};
// Transform root package.json
if (fs.existsSync('package.json')) {
console.log('Processing: package.json');
const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
pkg.dependencies = transform(pkg.dependencies);
pkg.devDependencies = transform(pkg.devDependencies);
pkg.peerDependencies = transform(pkg.peerDependencies);
fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2));
}
// Transform all workspace package.json files
for (const dir of dirs) {
const pkgPath = path.join(dir, 'package.json');
console.log('Processing:', pkgPath);
const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
pkg.dependencies = transform(pkg.dependencies);
pkg.devDependencies = transform(pkg.devDependencies);
pkg.peerDependencies = transform(pkg.peerDependencies);
fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2));
}
"
- name: Install dependencies
run: |
echo "Installing dependencies..."
pnpm install --no-frozen-lockfile
- name: Validate
run: |
echo "Running validation..."
# Run typecheck if available
if grep -q '"typecheck"' package.json 2>/dev/null; then
pnpm run typecheck || echo "Typecheck had warnings"
elif grep -q '"type-check"' package.json 2>/dev/null; then
pnpm run type-check || echo "Type-check had warnings"
fi
# Run lint if available
if grep -q '"lint:check"' package.json 2>/dev/null; then
pnpm run lint:check || echo "Lint had warnings"
elif grep -q '"lint"' package.json 2>/dev/null; then
pnpm run lint || echo "Lint had warnings"
fi
- name: Build and Publish based on _ config
run: |
pkg_name=$(node -p "require('./package.json').name")
pkg_version=$(node -p "require('./package.json').version")
# Read _ config fields
should_build=$(node -p "require('./package.json')._?.build === true")
should_publish=$(node -p "require('./package.json')._?.publish === true")
registry=$(node -p "require('./package.json')._?.registry || 'none'")
echo "=== $pkg_name@$pkg_version ==="
echo " build: $should_build, publish: $should_publish, registry: $registry"
# Only process if configured for forgejo registry
if [ "$registry" != "forgejo" ]; then
echo "Skipping: registry is not forgejo"
exit 0
fi
# Build if configured
if [ "$should_build" = "true" ]; then
echo "Building..."
pnpm run build
fi
# Publish if configured
if [ "$should_publish" = "true" ]; then
if npm view "$pkg_name@$pkg_version" version 2>/dev/null; then
echo "Already published, skipping"
else
echo "Publishing..."
# Transform workspace:* and file: dependencies
node -e "
const fs = require('fs');
const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
const transform = (deps) => {
if (!deps) return deps;
for (const [name, version] of Object.entries(deps)) {
if (version.startsWith('workspace:') || version.startsWith('file:')) {
deps[name] = '*';
}
}
return deps;
};
pkg.dependencies = transform(pkg.dependencies);
pkg.devDependencies = transform(pkg.devDependencies);
pkg.peerDependencies = transform(pkg.peerDependencies);
fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2));
"
npm publish --access public --no-git-checks
fi
fi
echo "=== Complete ==="